Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
John Scott-Railton Profile picture
@jsrailton
Sep 22, 2023 10 tweets 6 min read Read on X
Scrolly
🚨UPDATE your @Apple products now!

We @citizenlab w/TAG's @maddiestone caught #predator spyware attacks against a prominent pro-democracy Egyptian politician after he announced presidential ambitions.

Apple rushed a patch.

It gets crazier 1/

citizenlab.ca/2023/09/predat…
Between May and September 2023, former Egyptian MP Ahmed Eltantawy was targeted with Cytrox’s Predator spyware via links sent on SMS and WhatsApp. The targeting took place after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections. In August and September 2023, Eltantawy’s Vodafone Egypt mobile connection was persistently selected for targeting via network injection; when Eltantawy visited certain websites not using HTTPS, a device installed at the border of Vodafone Egypt’s network automatically redirected him to a malicious website to infect his phone wi...
2/ Ahmed Eltantawy got in touch with us @citizenlab, worried his devices were targeted in #Egypt.

He was right. His iPhone on @VodafoneEgypt was targeted for network injection.

As he browsed the net, the attackers were trying to slip a #Predator infection onto his device.

Image
Image
Image
3/ It gets worse.

We attribute the spyware injection system to a @Sandvine Packet Logic product w/high confidence.

Sandvine has been accused in past of facilitating human rights abuses in the past.

Owned by NSO Group's former owner Francisco Partners.




Image
Image
Image
Image
4/ This kind of exploit delivery through injection DOES NOT require a target to click as our collaborator, the brilliant @maddiestone, points out in her post.

It's a seriously dangerous kind of attack & hard to protect against.
blog.google/threat-analysi…
Image
@maddiestone 5/ Apple moved quickly to fix the zero-day exploits @maddiestone & @billmarczak discovered.

We encourage everyone to immeidately update their apple products.

There is a piece of good security news buried in all this... Image
@maddiestone @billmarczak 6/ We believe & Apple's Security Engineering & Architecture Team confirms, Lockdown Mode would have blocked this attack!

We *strongly* encourage all Apple users that may be at risk because of who they are or what they do to enable Lockdown Mode!

support.apple.com/en-us/HT212650
Image
@maddiestone @billmarczak 7/ Ahmed ElTantawy wasn't just targeted with network injection!

He was also targeted with #Predator spyware links in decoy messages sent as texts & over @WhatsApp.

One of the attacks masqueraded as communications from the International Federation for Human Rights @fidh_en Image
@maddiestone @billmarczak @WhatsApp @fidh_en 8/ This summer the 🇺🇸US hit developer & distributor of #Predator spyware (Cytrox & Intellexa) with blacklisting.

This latest abuse revelation affirms the determination that the spyware continues to fuel human rights abuses.

By @ddimolfetta & @Post_AG
washingtonpost.com/national-secur…
Image
9/ Pulling back the lens from the tech side of this #Predator attack:

Mercenary spyware is autocrat fuel.

When you hack a pro-democracy presidential hopeful in an autocracy... you are doing dictatorship.

And spyware companies know exactly who they are selling to. Image
10/ Without brave victims like Ahmed Tantawy getting checked & coming forwards, these recent exploits would not have been found.

Billions of apple devices would still be vulnerable.

Including yours. Image

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with John Scott-Railton

John Scott-Railton Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @jsrailton

John Scott-Railton Profile picture
Nov 27
BREAKING: #ExxonMobil lobbyist investigated over hacking of American nonprofits.

Hacked material fed PR campaigns & lawsuits against environmental advocacy orgs. 1/

By @razhael & @Bing_Chris Image
Image
Image
Image
2/ The case goes back years & centers around a massive hack-for-hire operation based in #India....

...that did the dirty work for powerful people & companies around the world.

3/ This latest chapter in the case, now public, thanks to the work of @razhael & @Bing_Chris, shows how money & dirty tricks are brought to bear against organizations that go up against certain powerful companies.

reuters.com/business/energ…Image
Image
Image
Read 4 tweets
John Scott-Railton Profile picture
Nov 24
First time I've seen what I think is AI-generated fake satellite imagery.*

Interesting. 1/
2/ With a squint this vibes. Try it for yourself on the first pic without zooming in.

Notice anything that just isn't quite right?

First thing: the marina / oceanfront areas don't follow a coherent logic. Image
Image
3 / Let's zoom in a bit and look at these ...roads?

Try to follow a single bit of blacktop and you'll start encountering logic problems. Image
Read 6 tweets
John Scott-Railton Profile picture
Nov 14
Whoa: NSO Group allegedly rolled a @WhatsApp exploit to implant #Pegasus spyware even after WhatsApp sued them.

This previously-unrevealed "Erised" vector was later disabled by #WhatsApp.

These un-redacted filings are quite the read. Even some footnotes have scoops. 1/Image
2/ We learn that NSO Group had at least three @whatsapp exploits: Heaven, Eden & Erised.

The first, called Heaven, was active some time prior to Sept-Dec 2018. It worked by using manipulated messages to direct targeted devices to a malicious WhatsApp relay controlled by NSO Group.

Heaven was ultimately disabled by changes made in Sept & December 2018 by WhatsApp.

storage.courtlistener.com/recap/gov.usco…Image
Image
Image
Image
3/ After the Heaven vector stopped working, NSO Group deployed Eden, which had a key feature: it needed to pass through relays controlled by @WhatsApp.

There's some detail about how the exploit was deployed to avoid detection.

Ultimately, it was detected, leading to the lawsuit.Image
Image
Read 7 tweets
John Scott-Railton Profile picture
Oct 31
WILD: actual photo of Musk-hired door knockers being driven around #Michigan.

This group of mostly-black workers were driven in the back of a truck with no seats.

They say they were flown in, given unrealistic goals, and threatened with their lodging being cut off & being forced to pay their own way home if they couldn't meet them.

Some didn't even know which candidate they were working for.

Article by @JakeLahut
wired.com/story/elon-mus…Image
Working to help the richest man in the world get his preferred candidate into office, folks. Image
You really have to read the whole article by @JakeLahut Image
Read 4 tweets
John Scott-Railton Profile picture
Oct 26
I'm excited for the #HarrisWalz plan to massively expand medicare to cover in-home care.

Beautiful. So many families are are helping loved ones get through hurdles with dignity & independence. At home.

Oh wait, you hadn't heard about this?

A study shows major broadcast networks mostly ignored the policy announcement on the day she made it.
apnews.com/article/harris…Image
Image
Home health care is ruinously expensive.

But as everyone knows, it's often better for seniors to get help in their homes.

A study found that this new #HarrisWalz #medicare benefit is likely to help more than 14 million beneficiaries.

Chart: kff.org/medicare/issue…Image
Image
The #HarrisWalz in-home care medicare benefit for seniors is a big deal.

Yet major broadcast networks gave it only seconds of coverage .

mediamatters.org/broadcast-netw…Image
Read 5 tweets
John Scott-Railton Profile picture
Oct 21
You've probably heard about Musk's petition.

It's run on the same website that ran bait-and-switch voter registration back in August.

They had to shut it down.

The goal then: probably soak up detailed voter data.

Remember, lots of shady micro-targeting is going on right now from Musk-backed PACs.

And now? Data collection is again a key priority.

I don't know why this isn't front and center in news stories about this.Image
Image
2/ Coverage of Musk's actions often treats them in isolation.

The petition for example is largely covered as "is this legal?"

Good question, but if you don't focus on the systemic effort to gather data & influence voters using that data, you miss the plot.
3/ Do election influence teams /PACs backed by Musk have any special access to @X data?

His escalating offers of $$ show how important he thinks voter data is.

Well, X is a goldmine of political data.

Temptation must be there.

When will election coverage ask the question?Image
Read 7 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(